
CVE-2021-22515 – Multi-Factor Authentication (MFA) downgrade exposure in NetIQ Advanced Authentication Server
https://notcve.org/view.php?id=CVE-2021-22515
12 Jul 2021 — Multi-Factor Authentication (MFA) functionality can be bypassed, allowing the use of single factor authentication in NetIQ Advanced Authentication versions prior to 6.3 SP4 Patch 1. • https://www.netiq.com/documentation/advanced-authentication-63/advanced-authentication-releasenotes-6341/data/advanced-authentication-releasenotes-6341.html • CWE-863: Incorrect Authorization

CVE-2021-22516
https://notcve.org/view.php?id=CVE-2021-22516
04 Jun 2021 — Insertion of Sensitive Information into Log File vulnerability in Micro Focus Secure API Manager (SAPIM) product, affecting version 2.0.0. The vulnerability could lead to sensitive information being in a log file. • https://www.microfocus.com/documentation/secure-api-manager/2-0/release-notes-secure-api-manager-201/release-notes-secure-api-manager-201.html • CWE-532: Insertion of Sensitive Information into Log File

CVE-2021-22519
https://notcve.org/view.php?id=CVE-2021-22519
28 May 2021 — Arbitrary code execution vulnerability in Micro Focus SiteScope product, affecting versions 11.40, 11.41, 2018.05 (11.50), 2018.08 (11.51), 2018.11 (11.60), 2019.02 (11.70), 2019.05 (11.80), 2019.08 (11.90), 2019.11 (11.91), 2020.05 (11.92), 2020.10 (11.93). The vulnerability could allow remote attackers to execute arbitrary code on affected installations of SiteScope. • https://softwaresupport.softwaregrp.com/doc/KM03811028

CVE-2021-22514
https://notcve.org/view.php?id=CVE-2021-22514
28 Apr 2021 — An arbitrary code execution vulnerability exists in Micro Focus Application Performance Management, affecting versions 9.40, 9.50 and 9.51. The vulnerability could allow remote attackers to execute arbitrary code on affected installations of APM. • https://softwaresupport.softwaregrp.com/doc/KM03806649

CVE-2021-22505
https://notcve.org/view.php?id=CVE-2021-22505
13 Apr 2021 — Escalation of privileges vulnerability in Micro Focus Operations Agent, affecting versions 12.0x, 12.10, 12.11, 12.12, 12.14 and 12.15. The vulnerability could be exploited to escalate privileges and execute code under the account of the Operations Agent. • https://softwaresupport.softwaregrp.com/doc/KM03792442

CVE-2021-22497 – Advanced Authentication Improper Session Management
https://notcve.org/view.php?id=CVE-2021-22497
12 Apr 2021 — Advanced Authentication versions prior to 6.3 SP4 have a potential broken authentication issue due to improper session management. • https://www.netiq.com/documentation/advanced-authentication-63/advanced-authentication-releasenotes-634/data/advanced-authentication-releasenotes-634.html • CWE-287: Improper Authentication

CVE-2021-22512
https://notcve.org/view.php?id=CVE-2021-22512
08 Apr 2021 — Cross-Site Request Forgery (CSRF) vulnerability in Micro Focus Application Automation Tools Plugin - Jenkins plugin. The vulnerability affects version 6.7 and earlier versions. The vulnerability could allow form validation without permission checks. • https://www.jenkins.io/security/advisory/2021-04-07/#SECURITY-2132 • CWE-352: Cross-Site Request Forgery (CSRF)

CVE-2021-22511
https://notcve.org/view.php?id=CVE-2021-22511
08 Apr 2021 — Improper Certificate Validation vulnerability in Micro Focus Application Automation Tools Plugin - Jenkins plugin. The vulnerability affects version 6.7 and earlier versions. The vulnerability could allow unconditional disabling of SSL/TLS certificates. • https://www.jenkins.io/security/advisory/2021-04-07/#SECURITY-2176 • CWE-295: Improper Certificate Validation

CVE-2021-22510
https://notcve.org/view.php?id=CVE-2021-22510
08 Apr 2021 — Reflected XSS vulnerability in Micro Focus Application Automation Tools Plugin - Jenkins plugin. The vulnerability affects version 6.7 and all earlier versions. • https://www.jenkins.io/security/advisory/2021-04-07/#SECURITY-2175 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2021-22513
https://notcve.org/view.php?id=CVE-2021-22513
08 Apr 2021 — Missing Authorization vulnerability in Micro Focus Application Automation Tools Plugin - Jenkins plugin. The vulnerability affects version 6.7 and earlier versions. The vulnerability could allow access without permission checks. • https://www.jenkins.io/security/advisory/2021-04-07/#SECURITY-2132 • CWE-862: Missing Authorization